Improving PCI Compliance and preventing cleartext authentication


SUMMARY

In order to achieve PCI compliance you may need to make various setting changes. This article will help you make those changes. The same changes can also be used to ensure authentication is not done over cleartext. In order for these changes to be made you must have an SSL certificate for use on the server.

DETAIL

You may wish to prevent plain SMTP authentication when the client is not on a secure connection (SSL or TLS). Be careful when setting this value, as it will prevent users from sending email if they have not configured their email client to use SSL/TLS. The option is set through the administration program. Expand the Servers->localhost->Services and Connectors branch, right click on the SMTP icon and select Properties from the popup menu. In the window that appears select the Inbound tab and click Settings... under Port Settings. For each port you listen on, you can select the option "Only allow secure authentication (using SSL or TLS)". You need to restart the SMTP service after any change.

For IMAP, expand the Services and Connectors branch, right click on the IMAP icon and select Properties from the popup menu. In the window that appears, click the Settings tab and enable the option "Clients can only authenticate when using SSL/TLS". For this to take effect, IMAP must be listening on an SSL port, have the "Enable SSL/TLS support" checkbox enabled, or both. The POP service requires that the "Requires SSL" option is enabled for the POP port; the SSL port is normally 995.
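
After applying the SMTP and IMAP settings above, a quick way to confirm they took effect is to connect to the plain ports and check what the services advertise before any TLS negotiation. The script below is an added example, not MailEnable's own code; the host name is an assumption, and it covers SMTP (port 25) and IMAP (port 143) only.

```python
"""Post-change check: confirm the SMTP and IMAP listeners no longer offer
cleartext authentication on their plain ports. Host name is an assumption."""
import re
import socket

MAIL_HOST = "mail.example.com"   # assumption: replace with your MailEnable server
# An SMTP reply ends with '250 ...'; our IMAP command is tagged 'a1', so 'a1 ' ends it.
FINAL_LINE = re.compile(r"^(\d{3} |a1 )", re.M)


def smtp_offers_cleartext_auth(ehlo_reply: str) -> bool:
    """True if an EHLO reply received before STARTTLS advertises AUTH.
    With 'Only allow secure authentication' set, AUTH should not appear here."""
    for line in ehlo_reply.splitlines():
        fields = line[4:].split()            # drop the '250-' / '250 ' prefix
        if fields and fields[0].upper().split("=")[0] == "AUTH":
            return True
    return False


def imap_allows_cleartext_login(capability_reply: str) -> bool:
    """A server that refuses plaintext LOGIN advertises LOGINDISABLED (RFC 2595)."""
    return "LOGINDISABLED" not in capability_reply.upper().split()


def _exchange(host: str, port: int, command: bytes) -> str:
    """Read the greeting, send one command over plain TCP, return the full reply."""
    with socket.create_connection((host, port), timeout=5) as sock:
        sock.recv(4096)                      # greeting banner, not needed
        sock.sendall(command)
        buf = b""
        while not FINAL_LINE.search(buf.decode(errors="replace")):
            chunk = sock.recv(4096)
            if not chunk:
                break
            buf += chunk
        return buf.decode(errors="replace")


def check_server(host: str = MAIL_HOST) -> dict:
    """Return which plain-port services still accept cleartext authentication."""
    ehlo = _exchange(host, 25, b"EHLO pci-check.invalid\r\n")
    caps = _exchange(host, 143, b"a1 CAPABILITY\r\n")
    return {
        "smtp_cleartext_auth": smtp_offers_cleartext_auth(ehlo),
        "imap_cleartext_login": imap_allows_cleartext_login(caps),
    }


if __name__ == "__main__":
    for service, exposed in check_server().items():
        print(f"{service}: {'STILL EXPOSED' if exposed else 'ok'}")
```

A False for both keys means the plain ports only allow authentication after TLS is established, which is the state a PCI ASV scan expects.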

For webmail, by default the cookies are not required to be sent over SSL, so it will work if you have not configured SSL for the web mail site. If you have configured web mail to only be accessible over SSL you can help improve PCI compliance by forcing cookies to require SSL. This is done by editing the web.config file in the Mail Enable\bin\Netwebmail directory and adding the following line inside the <system.web> element.

<httpCookies requiresSSL="true" />

REFERENCES

Configuring extra SMTP ports with this option:

Article ME020571


Product: MailEnable (ME-5.X ME-6.X Pro-5.X Pro-6.X Ent-5.X Ent-6.X)
Article: ME020583
Module: General
Keywords: pci, compliance, cleartext
Class: HOWTO: Product Instructions
Revised: Monday, October 16, 2023
Author:
Publisher: MailEnable